DETAILED ACTION
Response to Arguments 

Applicant's arguments filed 02/16/2005 have been fully considered but they are 
not persuasive. 

• As argued by applicants at page 8 with respect to a state variable of a 
database: 

Contrary to the Examiner's assertion (Office Action page 10), it is very respectfully submitted that
Bapat et al does NOT teach a calculation expression, for controlling access to a database, that can be
evaluated based on a state variable of a database. As noted, for example, in the summary of
the invention, the expression can be based on fields of the records as well as other information, for
example, various state variables of the database (e.g., date, time, number of records, etc.)

In response to applicant's argument that the references fail to show certain 
features of applicant's invention, it is noted that the features upon which applicant relies 

(i.e., in the summary of the invention, the expression can be based on fields of the records as well as other
information, for example, various state variables of the database (e.g., date, time, number of records, etc.)) are

not recited in the rejected claim(s). Although the claims are interpreted in light of the 
specification, limitations from the specification are not read into the claims. See In re 
Van Geuns, 988 F.2d 1181, 26 USPQ2d 1057 (Fed. Cir. 1993).

Specifically, a state variable as in the specification is defined by using a plurality
of examples, e.g., date, time, number of records..., and these are metadata of a record. The name of
a record is metadata. Therefore, the name of a record is a state variable as well.

As disclosed by Bapat, access control for a particular user on a particular
managed object is defined by a permissions table as shown below (Col. 26, lines 10-12).

A permission entry 1502 is a tuple having three fields: user name, object name,
and operation type. The object name, preferably, is the FDN or Fully Distinguished Name
for a managed object (Col. 26, Lines 28-33). As seen, each row expression in the
Granted Permissions Table is a calculation expression with a plurality of implied EQUAL
OPERATOR, and is evaluated by the FDN field, represented by the name of the record, to
determine the access right.

• As argued by applicants at page 9: 

As noted by the Examiner, "FDN is a name for a managed object." (Office Action, page 8, citing col.
26, lines 28-33 of Bapat et al). It is also noted that the "FDN operates as the primary key to data
stored in a table" (Office Action, page 8, citing col. 19, lines 36-40 of Bapat et al). However, it is
respectfully submitted that FDN is the name assigned to an object, and it is NOT a field of actual data
in a record stored in a database.



Examiner respectfully traverses because FDN is the name assigned to an object,
and also a field of data used in a plurality of records stored in the database. Applicant is
referred to FIG. 10 that includes TABLE 310, wherein FDN is a field of data used in a
plurality of records stored in the database.

• As argued by applicants at page 9: 

Contrary to the Examiner's assertion (Office Action, page 5), it is very respectfully submitted that each
row in the Granted Permissions Table of Bapat et al is NOT a mathematical process that is evaluated
by the FDN. Bapat et al merely teaches a Granted Permissions Table that is used to store information,
and which can be subsequently searched based on the FDN

Examiner respectfully traverses because each row in the Granted Permissions
Table explicitly defines an access right of a user to a record in the database whose
Fully Distinguished Name is equal to the specified Fully Distinguished Name in the
Granted Permissions Table. For example, based on a row of the Granted Permissions
Table, a user_x can delete any record that has Object Name (FDN) = Record (FDN). As
seen, each row expression in the Granted Permissions Table is a mathematical
process, (Object Name (FDN) = Record (FDN)), evaluated by the FDN field of the record
to determine the access right.

• As argued by applicants at page 10: 

Per MPEP §2143.01, in order to make a prima facie case of obviousness, there must be a motivation or
suggestion in the combination of references. In the Office Action, the Examiner has asserted that it
would have been obvious to use a password for a user. However, it is respectfully submitted that this
assertion does NOT address the lack of teaching in both Bapat et al and Elmasri with respect to a
motivation or suggestion to define a calculation expression for a password which is associated with
one or more users. Moreover, it is respectfully submitted that there is no motivation or suggestion in
Bapat et al or Elmasri for defining a calculation expression for a password



Application/Control Number: 09/771,143 
Art Unit: 2162 



Page 5 



In response to applicant's argument that there is no suggestion to combine the 
references, the examiner recognizes that obviousness can only be established by 
combining or modifying the teachings of the prior art to produce the claimed invention 
where there is some teaching, suggestion, or motivation to do so found either in the 
references themselves or in the knowledge generally available to one of ordinary skill in 
the art. See In re Fine, 837 F.2d 1071, 5 USPQ2d 1596 (Fed. Cir. 1988), and In re
Jones, 958 F.2d 347, 21 USPQ2d 1941 (Fed. Cir. 1992). In this case, the process of
assigning a password and identifying a password is a conventional technique, which was
used for security purposes, and a password is a must for the Bapat method and system in
order to have a more secure database system.

• The rejection of claims 1 and 37 under 35 U.S.C. § 112, first paragraph,
and the objection to claims 20 and 23 are withdrawn due to the cancelation of these claims.

Claim Objections 

Claim 48 is objected to because of the following informalities: said plurality records
in the step of defining a calculation expression. Appropriate correction is required.






Claim Rejections - 35 USC § 102 

The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that
form the basis for the rejections under this section made in this Office action:

A person shall be entitled to a patent unless -

(e) the invention was described in (1) an application for patent, published under section 122(b), by
another filed in the United States before the invention by the applicant for patent or (2) a patent 
granted on an application for patent by another filed in the United States before the invention by the 
applicant for patent, except that an international application filed under the treaty defined in section 
351(a) shall have the effects for purposes of this subsection of an application filed in the United States 
only if the international application designated the United States and was published under Article 21(2) 
of such treaty in the English language. 

Claims 48-50 are rejected under 35 U.S.C. 102(e) as being anticipated by 
Bapat et al. [USP 6,236,996 B1]. 

Regarding claim 48, Bapat teaches a method of controlling access to records 
stored in a database, the method comprising: 

defining a calculation expression for controlling access to said plurality records in said 
databases, thereby allowing access to said plurality of records to be determined based on said 
calculation expression (PERMISSION TABLES as in FIG. 15 are defined by system 
administrator, Col. 26, Lines 18-19. Each row of the Granted Permissions Table is
defined by a meaningful combination of characters or expression to specify a record 
access right for a user, wherein each row in the Granted Permissions explicitly defines 
an access right of a user to a record in the database with its Fully Distinguished Name 
as a key is equal to the specified Fully Distinguished Name in the Granted Permissions 
Table. For example, based on the first row of the Granted Permissions Table, a User 
Name = user_x has Operation Type = delete on any record that has Object Name = 
object_xyz. As seen, each row expression in the Granted Permissions Table is a
calculation expression with a plurality of implied EQUAL OPERATOR, and is evaluated by 
the FDN field of the record to determine the access right); and 

receiving a request to perform at least one operation on said plurality of records in said
database (Col. 20, Lines 23-31);

evaluating said calculation expression for each of said plurality of records, wherein said
evaluation returns only one of two possible values for each of said plurality of records, one of said
possible values indicating that said at least one operation should be granted and another one of said
possible values indicating that said at least one operation should be denied (Col. 27, Line 45-Col. 28,
Line 26);

granting said at least one operation to be performed when said evaluation returns one said
possible value to indicate that said at least one operation should be granted (Col. 28, Lines 1-3); and

denying said at least one operation to be performed when said evaluation returns one said
another possible value to indicate that said at least one operation should be denied (Col. 28, Lines 4-10).

Regarding claim 49, Bapat teaches all of the claimed subject matter as discussed
above with respect to claim 48, Bapat further discloses said calculation expression includes
at least one field of data of a plurality of records stored in said database and can be evaluated at least
partly based on at least one field of at least one record in said database, thereby allowing selectively
controlling access to various fields of data stored in said plurality of records (Col. 27, Line 45-Col. 28,
Line 26 and Col. 20, Lines 22-40).

Regarding claim 50, Bapat teaches all of the claimed subject matter as discussed
above with respect to claim 48, Bapat further discloses said calculation expression can be
evaluated at least partly based on at least one state variable of said database (Col. 26, lines 28-33).

Claim Rejections - 35 USC § 103 

The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set
forth in section 102 of this title, if the differences between the subject matter sought to be patented and
the prior art are such that the subject matter as a whole would have been obvious at the time the
invention was made to a person having ordinary skill in the art to which said subject matter pertains.
Patentability shall not be negatived by the manner in which the invention was made.

This application currently names joint inventors. In considering patentability of
the claims under 35 U.S.C. 103(a), the examiner presumes that the subject matter of
the various claims was commonly owned at the time any inventions covered therein
were made absent any evidence to the contrary. Applicant is advised of the obligation
under 37 CFR 1.56 to point out the inventor and invention dates of each claim that was
not commonly owned at the time a later invention was made in order for the examiner to
consider the applicability of 35 U.S.C. 103(c) and potential 35 U.S.C. 102(e), (f) or (g)
prior art under 35 U.S.C. 103(a).

Claims 11-15 and 38-42 are rejected under 35 U.S.C. 103(a) as being
unpatentable over Bapat et al. [USP 6,236,996 B1] in view of Elmasri et al.
[Fundamentals of Database System].

Regarding claims 11 and 38, Bapat teaches a method and program for
controlling managed objects. As shown in FIG. 14, tables 310 and 320 as in FIG. 11A
are stored in a conventional DBMS 280 (Col. 25, lines 49-50). Rows 311, 312, 321, 322
of the tables 310, 320 contain management information for managed objects (Col. 25,
lines 60-61). The FDN operates as the primary key to the data stored in the table and to
determine which managed objects that a particular user is permitted to access or modify
(Col. 19, lines 36-40). Access control for a particular user on a particular managed
object is defined by a permissions table as shown below (Col. 26, lines 10-12).

A permission entry 1502 is a tuple having three fields: user name, object name,
and operation type. The object name, preferably, is the FDN or Fully Distinguished Name
for a managed object (Col. 26, Lines 28-33). Referring to FIG. 11A as shown below,
each row in the database tables includes a field called the Fully Distinguished Name or
FDN of a managed object followed by columns of data. For example, an FDN can look
like /systemid="sys1"/owner="accompany"/devicetype="router" (Col. 19, Lines 24-35).

As seen, each row of the Granted Permissions Table is defined by a meaningful
combination of characters or expression to specify a record access right for a user,
wherein each row in the Granted Permissions explicitly defines an access right of a user
to a record in the database with its Fully Distinguished Name as a key is equal to the
specified Fully Distinguished Name in the Granted Permissions Table. For example,
based on the first row of the Granted Permissions Table, a User Name = user_x has
Operation Type = delete on any record that has Object Name = object_xyz. As seen,
each row expression in the Granted Permissions Table is a calculation expression with a
plurality of implied EQUAL OPERATOR, and is evaluated by the FDN field of the record
to determine the access right. In short, the Bapat technique indicates

a calculation expression is defined based on FDN as at least one field of data used in a
plurality of records stored in said database and

can be evaluated at least partly based on said at least one field, thereby allowing access to
various field of data stored in said plurality of record to be selectively controlled (Col. 27, Line 45-Col. 28,
Line 26 and Col. 19, Line 55-Col. 20, Line 40) and

wherein expression defines access privileges of said one or more users with respect to at least 
one operation that may be requested to be performed by said one or more users on said plurality of 
records of said database (FIG. 15 A and B). 

When a user 300 issues an SQL command to access the DBMS 280 (Col. 22,
lines 24-26, Col. 25, lines 65-67) for the status of all routers in the network or for
information about a specified list of managed objects (Col. 28, lines 27-30) as receiving a
request to perform said at least one operation on said plurality of records of said database, said request
being identified as a request made by said one or more users associated with user name.

Access Control is enforced by evaluating user name, object name and operation 
type as said calculation expression for said each of said plurality of records, based on said at least 
one field of data, when said request has been received; said evaluation returning only one of two 
possible values for each of said plurality of records, one of said possible values indicating that said at 
least one operation should be granted and another one of said possible values indicating that said at 
least one operation should be denied; granting said at least one operation to be performed when said 
evaluation returns one said possible value to indicate that said at least one operation should be 
granted; and denying said at least one operation to be performed when said evaluation returns one said 
another possible value to indicate that said at least one operation should be denied (Col. 27, line 45-Col. 28,
line 26).

What is missing from the Bapat technique is the step of identifying a password that is associated
with one or more users of said database.

Elmasri teaches a method of protecting access to a database system by
identifying a password that is associated with one or more users of said database (Elmasri, page 718).

Therefore, it would have been obvious for one of ordinary skill in the art at the
time the invention was made to modify the Bapat method by using a password to
identify a user as taught by Elmasri in order to have a more secure database system.

Regarding claims 12 and 39, Bapat and Elmasri, in combination, teach all of
the claimed subject matter as discussed above with respect to claims 11 and 38, Bapat
further discloses at least one operation can be a browse, an edit, or a delete operation (FIG. 15A
and B).

Regarding claims 13 and 40, Bapat and Elmasri, in combination, teach all of the
claimed subject matter as discussed above with respect to claims 11 and 38, Bapat
further discloses calculation expression is not explicitly defined for said at least one operation but
said calculation expression is one that has been defined for another operation which has been
considered as a related operation to said at least one operation (FIG. 15A).

Regarding claims 14 and 41, Bapat and Elmasri, in combination, teach all of the
claimed subject matter as discussed above with respect to claims 11 and 38, Bapat
further discloses said calculation expression can be evaluated at least partly based on at least one
state variable of said database (Col. 26, lines 28-33).

Regarding claims 15 and 42, Bapat and Elmasri, in combination, teach all of the
claimed subject matter as discussed above with respect to claims 14 and 38, Bapat
further discloses the step of granting temporary or limited access to said at least one record to
allow said evaluating of said calculation expression (FIG. 15A).

Claims 43-47 are rejected under 35 U.S.C. 103(a) as being unpatentable
over Bapat et al. [USP 6,236,996 B1] in view of Glasser et al. [USP 6,308,173 B1].

Regarding claim 43, Bapat teaches a database system comprising: 

a database including a plurality of records stored therein (Col. 25, Lines 49-50 and 55-59);

a database program that can access said database and can be used as an interface to said 
database (Col. 7, Lines 45-67), 

wherein said database program can be used to: define a calculation expression for controlling 
access to said plurality records in said databases, thereby allowing access to said plurality of records to 
be determined based on said calculation expression (PERMISSION TABLES as in FIG. 15 are 
defined by system administrator, Col. 26, Lines 18-19. Each row of the Granted 
Permissions Table is defined by a meaningful combination of characters or expression to 
specify a record access right for a user, wherein each row in the Granted Permissions 
explicitly defines an access right of a user to a record in the database with its Fully 
Distinguished Name as a key is equal to the specified Fully Distinguished Name in the 
Granted Permissions Table. For example, based on the first row of the Granted 
Permissions Table, a User Name = user_x has Operation Type = delete on any record 
that has Object Name = object_xyz. As seen, each row expression in the Granted 
Permissions Table is a calculation expression with a plurality of implied EQUAL 
OPERATOR, and is evaluated by the FDN field of the record to determine the access 
right); and 

wherein said database program is further capable of:

receiving a request to perform at least one operation on said plurality of records in said
database (Col. 20, Lines 23-31);

evaluating said calculation expression for each of said plurality of records, wherein 
said evaluation returns only one of two possible values for each of said plurality of records, one 
of said possible values indicating that said at least one operation should be granted and 
another one of said possible values indicating that said at least one operation should be denied 
(Col. 27, Line 45-Col. 28, Line 26); 

granting said at least one operation to be performed when said evaluation
returns one said possible value to indicate that said at least one operation should be
granted (Col. 28, Lines 1-3); and

denying said at least one operation to be performed when said evaluation
returns one said another possible value to indicate that said at least one operation
should be denied (Col. 28, Lines 4-10).

Bapat does not explicitly teach that a Graphical User Interface is included to define
the expression.

However, as disclosed by Bapat, the system administrator 302 creates the 
permissions tables prior to use of the DBMS 280 by end users. The system 
administrator 302 invokes a call 440 to the Create_Permissions_Tables 442
procedure of the DBMS 280 (Bapat, Col. 26, lines 18-27). As seen, in order to create 
the permission table by the Create_Permissions_Tables procedure, obviously, a 
Graphical User Interface has to be used to enter the user name, FDN and access control 
code as discussed above. Glasser teaches a Graphical User Interface for defining 
access control expression (Glasser, FIG. 6B).

Therefore, it would have been obvious for one of ordinary skill in the art at the
time the invention was made to include a Graphical User Interface as taught by Glasser
in order to have a friendly system to define access right for a user.

Regarding claim 44, Bapat and Glasser, in combination, teach all of the claimed 
subject matter as discussed above with respect to claim 43, Bapat further discloses said 

calculation expression includes at least one field of data of a plurality of records stored in said 
database and can be evaluated at least partly based on at least one field of at least one record in said 
database, thereby allowing selectively controlling access to various fields of data stored in said plurality 
of records (Col. 27, Line 45-Col. 28, Line 26 and Col. 20, Lines 22-40).

Regarding claim 45, Bapat and Glasser, in combination, teach all of the claimed 
subject matter as discussed above with respect to claim 43, Bapat further discloses at 

least one operation can be a browse, an edit, or a delete operation (FIG. 15A and B). 

Regarding claim 46, Bapat and Glasser, in combination, teach all of the claimed 
subject matter as discussed above with respect to claim 43, Bapat further discloses 
calculation expression is not explicitly defined for said at least one operation but said calculation 
expression is one that has been defined for another operation which has been considered as a related 
operation to said at least one operation (FIG. 15A).

Regarding claim 47, Bapat and Glasser, in combination, teach all of the claimed 
subject matter as discussed above with respect to claim 43, Bapat further discloses said 
calculation expression can be evaluated at least partly based on at least one state variable of said
database (Col. 26, lines 28-33).



Conclusion 

Applicant's amendment necessitated the new ground(s) of rejection presented in 
this Office action. Accordingly, THIS ACTION IS MADE FINAL. See MPEP 
§ 706.07(a). Applicant is reminded of the extension of time policy as set forth in 37
CFR 1.136(a). 

A shortened statutory period for reply to this final action is set to expire THREE 
MONTHS from the mailing date of this action. In the event a first reply is filed within 
TWO MONTHS of the mailing date of this final action and the advisory action is not 
mailed until after the end of the THREE-MONTH shortened statutory period, then the 
shortened statutory period will expire on the date the advisory action is mailed, and any 
extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of
the advisory action. In no event, however, will the statutory period for reply expire later 
than SIX MONTHS from the date of this final action. 

Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to HUNG Q. PHAM whose telephone number is
571-272-4040. The examiner can normally be reached on Monday-Friday.

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, JOHN E. BREENE can be reached on 571-272-4107. The fax phone
number for the organization where this application or proceeding is assigned is
703-872-9306.

Information regarding the status of an application may be obtained from the 
Patent Application Information Retrieval (PAIR) system. Status information for 
published applications may be obtained from either Private PAIR or Public PAIR. 
Status information for unpublished applications is available through Private PAIR only. 
For more information about the PAIR system, see http://pair-direct.uspto.gov. Should 
you have questions on access to the Private PAIR system, contact the Electronic 
Business Center (EBC) at 866-217-9197 (toll-free). 




HUNG Q. PHAM
Examiner 
Art Unit 2162 



May 13, 2005 




